#自定义权限验证类
from rest_framework.permissions import BasePermission
class MyAdminPermission(BasePermission):

    message='管理员操作可操作,登录用户可读'

    def has_permission(self, request, view):
        if request.user.is_authenticated:

           if request.user.is_staff:    #是否是管理员
               return True

           if request.method=='GET':
               return True

        return False











